IaaS & PaaS: DSPM protects public clouds

“…More than half (59%) of respondents believe that more than 30% of their organization’s sensitive data residing in IaaS and PaaS environments is insufficiently secured.” Cloud Data Security Report, 2023

Protecting sensitive cloud-resident data

Data Security Posture Management (DSPM) is especially useful for protecting sensitive data in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) public cloud services. As a central integration point for five types of cloud data protection functionality, DSPM allows organizations to reduce or eliminate many siloed point solutions and achieve better, more cost-effective results.

What DSPM provides in IaaS/PaaS data stores

A systematic, automated process guided by a DSPM platform will help your security, IT operations, and DevOps teams with:

1. Data discovery
Answers the question, “Where are my data?” A platform must discover cloud-native structured and unstructured data stores such as block storage and PaaS.

2. Data classification
Tells you what kinds of data exist and if they are sensitive (e.g., GDPR, PCI DSS, HIPAA). Answers questions like “Who can access my data?” and “Are there shadow data stores?”

3. Access governance
Ensures that only authorized users are allowed to access specific data stores or types of data. DSPM’s access governance processes will also discover related issues, such as: “Are there abandoned databases?” or “Are there excessive privileges?”

4. Risk management
Detects potential attack paths that could lead to a breach of sensitive data. Detection includes vulnerabilities affecting sensitive data and insecure users with access to sensitive data. All this points teams to steps for remediation.

5. Compliance
Automatically detects and classifies all data within all your organization’s cloud data stores related to any relevant laws and regulations (GDPR, HIPAA, GLBA, PCI DSS, CCPA, etc.). Simplifies compliance with automated mappings of your data to compliance benchmarks.

How siloed point solutions fall short

Subsets of DSPM’s functionality are seen in current and emerging tools for cloud security. Unfortunately, their functionality is siloed, and these standalone tools do not fulfill all five major functions of DSPM required for systematic, comprehensive, and effective security of all cloud data.

The matrix below shows how current cloud security tools are partially addressing the five functions of DSPM in various types of cloud data stores. Essentially, DSPM fulfills all the squares stating “None” and may replace tools in the other squares, especially if an organization’s use cases for particular tools are minimal. Alternatively, if an organization has significant investment in particular cloud security tools (such as populating a CMDB with hundreds of thousands of assets, owners, business criticality, etc.), the DSPM platform can also ingest operational data, alerts, and other metrics from your existing infrastructure of corresponding tools for security, IT operations, and DevOps. Use case flexibility goes a long way with DSPM!
